1 容器與虛擬機
| 特性 | 容器 | 虛擬機 |
| 啓動 | 秒級 | 分鐘級 |
| 硬盤使用 | 一般爲 MB | 一般爲 GB |
| 性能 | 接近原生 | 弱於 |
| 系統支持量 | 單機支持上千個容器 | 一般幾十個 |
A brief explanation of containers
An image is a lightweight, stand-alone, executable package that includes everything needed to run a piece of software, including the code, a runtime, libraries, environment variables, and config files.
A container is a runtime instance of an image—what the image becomes in memory when actually executed. It runs completely isolated from the host environment by default, only accessing host files and ports if configured to do so.
Containers run apps natively on the host machine’s kernel. They have better performance characteristics than virtual machines that only get virtual access to host resources through a hypervisor. Containers can get native access, each one running in a discrete process, taking no more memory than any other executable.
Containers vs. virtual machines
Consider this diagram comparing virtual machines to containers:
Virtual Machine diagram
Virtual machines run guest operating systems—note the OS layer in each box. This is resource intensive, and the resulting disk image and application state is an entanglement of OS settings, system-installed dependencies, OS security patches, and other easy-to-lose, hard-to-replicate ephemera.
Container diagram
Containers can share a single kernel, and the only information that needs to be in a container image is the executable and its package dependencies, which never need to be installed on the host system. These processes run like native processes, and you can
manage them individually by running commands likedocker
ps—just like you would run ps on
Linux to see active processes. Finally, because they contain all their dependencies, there is no configuration entanglement; a containerized app “runs anywhere.”
2 安裝docker
| 項目 | 說明 |
| 版本格式 | YY.MM |
| Stable 版本 | 每個季度發行 |
| Edge 版本 | 每個月發行 |
| 當前 Docker CE Stable版本 | 17.09 |
| 當前 Docker CE Edge版本 | 17.11 |
同時 Docker 劃分爲CE和EE。CE即社區版(免費,支持週期三個月) ,EE即企業版,強
調安全,付費使用。
2.1 準備工作
系統要求
Docker CE 支持以下版本的Ubuntu操作系統:
Artful 17.10 (Docker CE 17.11 Edge)
Zesty 17.04
Xenial 16.04 (LTS)
Trusty 14.04 (LTS)卸載舊版本
舊版本的 Docker稱爲docker或者docker-engine,使用以下命令卸載舊版本:
$ sudo apt-get remove docker docker-engine docker.io
It’s OK if apt-get reports that
none of these packages are installed.
The contents of /var/lib/docker/,
including images, containers, volumes, and networks, are preserved. The Docker CE package is now called docker-ce.
存儲層驅動
Docker CE now uses the overlay2 storage
driver by default, and it is recommended that you use it instead of aufs.
If you need to use aufs, you
will need to do additional preparation.
XENIAL 16.04 AND NEWER
For Ubuntu 16.04 and higher, the Linux kernel includes support for OverlayFS, and Docker CE will use the overlay2storage
driver by default. If you need to use aufs instead,
you need to configure it manually. See aufs
TRUSTY 14.04
Unless you have a strong reason not to, install the linux-image-extra-* packages,
which allow Docker to use the aufsstorage
drivers.
$ sudo apt-get update
$ sudo apt-get install \
linux-image-extra-$(uname -r) \
linux-image-extra-virtual2.2 安裝
三種方法:
-
Most users set up Docker’s repositories and install from them, for ease of installation and upgrade tasks. This is the recommended approach.
-
Some users download the DEB package and install it manually and manage upgrades completely manually. This is useful in situations such as installing Docker on air-gapped systems with no access to the internet.
-
In testing and development environments, some users choose to use automated convenience scripts to install Docker.
Before you install Docker CE for the first time on a new host machine, you need to set up the Docker repository. Afterward, you can install and update Docker from the repository.
2.2.1 安裝前的設置
1 更新apt軟件包緩存
$ sudo apt-get update2 添加使用HTTPS 傳輸的軟件包以及 CA 證書
$ sudo apt-get install apt-transport-https ca-certificates curl software-properties-common3 添加軟件源的 GPG 密鑰
爲了確認所下載軟件包的合法性,需要添加軟件源的 GPG密鑰。
$ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -9DC8
5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88, by searching for the last 8 characters of the fingerprint.$ sudo apt-key fingerprint 0EBFCD88
pub 4096R/0EBFCD88 2017-02-22
Key fingerprint = 9DC8 5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88
uid Docker Release (CE deb) <[email protected]>
sub 4096R/F273FCD8 2017-02-224 向 source.list 中添加Docker軟件源
$ sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"也會包含穩定版本的 Docker。
使用國內源:
國內源
爲了確認所下載軟件包的合法性,需要添加軟件源的 GPG 密鑰。
$ curl -fsSL https://mirrors.ustc.edu.cn/docker-ce/linux/ubuntu/gpg | sudo apt-key add
-
然後,我們需要向 source.list 中添加 Docker 軟件源
$ sudo add-apt-repository "deb [arch=amd64] https://mirrors.ustc.edu.cn/docker-ce/linux/ubuntu $(lsb_release -cs) stable"2.2.2 安裝
1 更新apt軟件包緩存
$ sudo apt-get update2 安裝最新版
$ sudo apt-get install docker-ce查看可安裝版本:
root@ubuntu:~# apt-cache madison docker-ce
docker-ce | 17.09.0~ce-0~ubuntu | https://download.docker.com/linux/ubuntu xenial/stable amd64 Packages
docker-ce | 17.06.2~ce-0~ubuntu | https://download.docker.com/linux/ubuntu xenial/stable amd64 Packages
docker-ce | 17.06.1~ce-0~ubuntu | https://download.docker.com/linux/ubuntu xenial/stable amd64 Packages
docker-ce | 17.06.0~ce-0~ubuntu | https://download.docker.com/linux/ubuntu xenial/stable amd64 Packages
docker-ce | 17.03.2~ce-0~ubuntu-xenial | https://download.docker.com/linux/ubuntu xenial/stable amd64 Packages
docker-ce | 17.03.1~ce-0~ubuntu-xenial | https://download.docker.com/linux/ubuntu xenial/stable amd64 Packages
docker-ce | 17.03.0~ce-0~ubuntu-xenial | https://download.docker.com/linux/ubuntu xenial/stable amd64 Packages安裝指定版本:
$ sudo apt-get install docker-ce=<VERSION>The Docker daemon starts automatically.
root@ubuntu:~# ps -ef | grep docker
root 27981 1 1 14:09 ? 00:00:00 /usr/bin/dockerd -H fd://
root 28002 27981 0 14:09 ? 00:00:00 docker-containerd -l unix:///var/run/docker/libcontainerd/docker-containerd.sock --metrics-interval=0 --start-timeout 2m --state-dir /var/run/docker/libcontainerd/containerd --shim docker-containerd-shim --runtime docker-runc3 啓動 Docker CE
$ sudo systemctl enable docker
$ sudo systemctl start docker
Ubuntu 14.04請使用以下命令啓動:
$ sudo service docker start
4 測試 Docker 是否安裝正確
root@ubuntu:~# docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
ca4f61b1923c: Pull complete
Digest: sha256:be0cd392e45be79ffeffa6b05338b98ebb16c87b255f48e297ec7f98e123905c
Status: Downloaded newer image for hello-world:latest
Hello from Docker!
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(amd64)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker ID:
https://cloud.docker.com/
For more examples and ideas, visit:
https://docs.docker.com/engine/userguide/若能正常輸出以上信息,則說明安裝成功。
5 加速
鑑於國內網絡問題,後續拉取 Docker 鏡像十分緩慢,強烈建議安裝 Docker 之後配置 國內鏡像加速Docker 官方和國內很多雲服務商都提供了國內加速器服務,例如:
Docker 官方提供的中國registry mirror
阿里雲加速器
DaoCloud 加速器
我們以 Docker 官方加速器爲例進行介紹。
Ubuntu 14.04、Debian 7 Wheezy
對於使用 upstart的系統而言,編輯/etc/default/docker文件,在其中的DOCKER_OPTS中添加獲得的加速器配置:
DOCKER_OPTS="--registry-mirror=https://registry.docker-cn.com"重新啓動服務。
$ sudo service docker restart
Ubuntu 16.04+、Debian 8+、CentOS 7
對於使用 systemd的系統,請在/etc/docker/daemon.json中寫入如下內容(如果文件不存在請新建該文件)
{
"registry-mirrors": [
"https://registry.docker-cn.com"
]
}之後重新啓動服務。
$ sudo systemctl daemon-reload
$ sudo systemctl restart docker注意:如果您之前查看舊教程,修改了docker.service文件內容,請去掉您添加的內容(--registry-mirror=https://registry.docker-cn.com) ,這裏不再贅述。
6 查看版本和信息
root@ubuntu:~# docker version
Client:
Version: 17.09.0-ce
API version: 1.32
Go version: go1.8.3
Git commit: afdb6d4
Built: Tue Sep 26 22:42:18 2017
OS/Arch: linux/amd64
Server:
Version: 17.09.0-ce
API version: 1.32 (minimum version 1.12)
Go version: go1.8.3
Git commit: afdb6d4
Built: Tue Sep 26 22:40:56 2017
OS/Arch: linux/amd64
Experimental: false
信息:
root@ubuntu:~# docker info
Containers: 1
Running: 0
Paused: 0
Stopped: 1
Images: 1
Server Version: 17.09.0-ce
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 06b9cb35161009dcb7123345749fef02f7cea8e0
runc version: 3f2f8b84a77f73d38244dd690525642a72156c64
init version: 949e6fa
Security Options:
apparmor
seccomp
Profile: default
Kernel Version: 4.10.0-28-generic
Operating System: Ubuntu 16.04.3 LTS
OSType: linux
Architecture: x86_64
CPUs: 6
Total Memory: 31.33GiB
Name: ubuntu
ID: TIWM:WOAT:4AHA:X7PB:DAYJ:SM2T:WGQ5:JZWC:EXRN:MJHN:QVRG:W6I7
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Experimental: false
Insecure Registries:
127.0.0.0/8
Registry Mirrors:
https://registry.docker-cn.com/
Live Restore Enabled: false
WARNING: No swap limit support
使用systemctl status查看
root@ubuntu:~# systemctl status docker
● docker.service - Docker Application Container Engine
Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
Active: active (running) since 一 2017-12-04 14:21:13 CST; 20min ago
Docs: https://docs.docker.com
Main PID: 28662 (dockerd)
Tasks: 28
Memory: 31.0M
CPU: 2.636s
CGroup: /system.slice/docker.service
├─28662 /usr/bin/dockerd -H fd://
└─28672 docker-containerd -l unix:///var/run/docker/libcontainerd/docker-containerd.sock --metrics-interval=0 --start-timeout 2m --state-dir /var/run/docker/libconta
12月 04 14:21:12 ubuntu dockerd[28662]: time="2017-12-04T14:21:12.917319341+08:00" level=warning msg="Your kernel does not support swap memory limit"
12月 04 14:21:12 ubuntu dockerd[28662]: time="2017-12-04T14:21:12.917372491+08:00" level=warning msg="Your kernel does not support cgroup rt period"
12月 04 14:21:12 ubuntu dockerd[28662]: time="2017-12-04T14:21:12.917387223+08:00" level=warning msg="Your kernel does not support cgroup rt runtime"
12月 04 14:21:12 ubuntu dockerd[28662]: time="2017-12-04T14:21:12.917915755+08:00" level=info msg="Loading containers: start."
12月 04 14:21:13 ubuntu dockerd[28662]: time="2017-12-04T14:21:13.065048722+08:00" level=info msg="Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon
12月 04 14:21:13 ubuntu dockerd[28662]: time="2017-12-04T14:21:13.102800534+08:00" level=info msg="Loading containers: done."
12月 04 14:21:13 ubuntu dockerd[28662]: time="2017-12-04T14:21:13.148239897+08:00" level=info msg="Docker daemon" commit=afdb6d4 graphdriver(s)=overlay2 version=17.09.0-ce
12月 04 14:21:13 ubuntu dockerd[28662]: time="2017-12-04T14:21:13.148326663+08:00" level=info msg="Daemon has completed initialization"
12月 04 14:21:13 ubuntu dockerd[28662]: time="2017-12-04T14:21:13.167017323+08:00" level=info msg="API listen on /var/run/docker.sock"
12月 04 14:21:13 ubuntu systemd[1]: Started Docker Application Container Engine.3 卸載docker
-
Uninstall the Docker CE package:
$ sudo apt-get purge docker-ce -
Images, containers, volumes, or customized configuration files on your host are not automatically removed. To delete all images, containers, and volumes:
$ sudo rm -rf /var/lib/docker
You must delete any edited configuration files manually.
4 基本概念
Docker 包括三個基本概念鏡像(Image)
容器(Container)
倉庫(Repository)
理解了這三個概念,就理解了 Docker 的整個生命週期。
參考:
1 Docker — 從入門到實踐:https://github.com/yeasy/docker_practice